Topic: Malware or Adware??

Offline True Indian

Malware or Adware??
« on: April 05, 2012, 05:33:37 AM »
See: https://www.virustotal.com/file/1fbcce03e004a03e5015c10f37451e17a5fd63723e5249e4c605d03d136f9395/analysis/1333603840/
First seen by VirusTotal
2011-12-25 22:02:23 UTC ( 3 months, 1 week ago )
Nothing detected by avast yet...
Malwarebytes detects it as Trojan Repack SMS.
See the result from CAMAS:
http://camas.comodo.com/cgi-bin/submit?file=1fbcce03e004a03e5015c10f37451e17a5fd63723e5249e4c605d03d136f9395
Anubis report:
http://anubis.iseclab.org/?action=result&task_id=16ecc2b4e885eacb4b59e47abf651a087&format=html
ThreatExpert says:
http://www.threatexpert.com/report.aspx?md5=bf3d598eda041e4023e0b369b6725fbd
Looks like it drops Funmood adware  ??? interesting....
Quote:
%Temp%\mt_ffx\Funmoods\funmoods\1.5.12.2
Norton gives a suspicious insight on it:
http://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99
Reported to avast from chest.

Any guess what it is??
« Last Edit: April 05, 2012, 05:48:16 AM by true indian »

Offline Pondus

Re: Malware or Adware??
« Reply #1 on: April 05, 2012, 10:14:28 AM »
Sigcheck

publisher................: PC MEGA RAPIDO LTDA
product..................: ASSISTENTE DE DOWNLOAD
internal name............: ASSISTENTE DE DOWNLOAD
copyright................: (c) PC MEGA RAPIDO LTDA
original name............: pcmegarapido.exe
signing date.............: 6:51 AM 12/22/2011
signers..................: YBR INTERNET LTDA ME
               Go Daddy Secure Certification Authority
               Go Daddy Class 2 Certification Authority
file version.............: 1.0.0
description..............: ASSISTENTE DE DOWNLOAD



Upload it to Avira and see what they say,
and you posted the wrong ThreatExpert link.

Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.
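As an added example (not code from the thread or from either poster), a small Python triage helper that parses the sigcheck output posted above and combines it with the VirusTotal first-seen date from the opening post to surface two review hints: the version-resource publisher differs from the signing certificate's subject, and the file was signed only days before it first appeared. The flag names and the 7-day window are my own assumptions.

```python
import re
from datetime import datetime
# Sigcheck output exactly as posted in the reply above.
SIGCHECK_OUTPUT = """\
publisher................: PC MEGA RAPIDO LTDA
product..................: ASSISTENTE DE DOWNLOAD
internal name............: ASSISTENTE DE DOWNLOAD
copyright................: (c) PC MEGA RAPIDO LTDA
original name............: pcmegarapido.exe
signing date.............: 6:51 AM 12/22/2011
signers..................: YBR INTERNET LTDA ME
               Go Daddy Secure Certification Authority
               Go Daddy Class 2 Certification Authority
file version.............: 1.0.0
description..............: ASSISTENTE DE DOWNLOAD
"""
# VirusTotal "first seen" timestamp from the opening post.
VT_FIRST_SEEN = "2011-12-25 22:02:23 UTC"
FIELD_RE = re.compile(r"^([a-z ]+?)\.*:\s*(.*)$")

def parse_sigcheck(text):
    """Parse 'key.....: value' lines; indented continuation lines (the chain) become a list."""
    fields, last_key = {}, None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        m = FIELD_RE.match(raw)
        if m and not raw[0].isspace():
            last_key = m.group(1).strip()
            fields[last_key] = m.group(2).strip()
        elif last_key is not None:
            if not isinstance(fields[last_key], list):
                fields[last_key] = [fields[last_key]]
            fields[last_key].append(raw.strip())
    return fields

def triage_flags(fields, first_seen):
    """Return (flags, days between signing and first sighting); hints for a reviewer, not a verdict."""
    flags = []
    chain = fields.get("signers", "")
    leaf = chain[0] if isinstance(chain, list) else chain  # leaf = first signer line
    # Version-resource publisher and signing-certificate subject differ.
    if fields.get("publisher", "").upper() != leaf.upper():
        flags.append("publisher_signer_mismatch")
    signed = datetime.strptime(fields["signing date"], "%I:%M %p %m/%d/%Y")
    seen = datetime.strptime(first_seen, "%Y-%m-%d %H:%M:%S UTC")
    gap_days = (seen - signed).days
    # Signed only days before it first showed up publicly (assumed 7-day window).
    if 0 <= gap_days <= 7:
        flags.append("signed_shortly_before_first_seen")
    return flags, gap_days
```

A valid Authenticode signature only shows who obtained the certificate, so these flags are a prompt for closer inspection rather than a detection on their own.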
